GMS-2016-6: Content Injection via TileJSON Name

January 12, 2016

Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.

References

hackerone.com/reports/99245

Detect and mitigate GMS-2016-6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →